Infected with mediashifting.org

[swiss85]

Hi, as other users in this forum, i am also infected with the mediashifting.org thing, opening random tabs in firefox. i already used FSS and TDSSKiller, but the problem still occurs. Below are the logs of FSS and TDSSKiller. I would really appreciate any help!!

Thanks a lot already in advance!!

Farbar Service Scanner Version: 17-01-2012 00

Ran by d.m (administrator) on 18-01-2012 at 13:46:10

Microsoft Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

13:48:09.0973 0164 TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24

13:48:10.0131 0164 ============================================================

13:48:10.0131 0164 Current date / time: 2012/01/18 13:48:10.0131

13:48:10.0131 0164 SystemInfo:

13:48:10.0131 0164

13:48:10.0131 0164 OS Version: 6.1.7601 ServicePack: 1.0

13:48:10.0131 0164 Product type: Workstation

13:48:10.0132 0164 ComputerName: D

13:48:10.0132 0164 UserName: d.m

13:48:10.0132 0164 Windows directory: C:\windows

13:48:10.0132 0164 System windows directory: C:\windows

13:48:10.0132 0164 Running under WOW64

13:48:10.0132 0164 Processor architecture: Intel x64

13:48:10.0132 0164 Number of processors: 4

13:48:10.0132 0164 Page size: 0x1000

13:48:10.0132 0164 Boot type: Normal boot

13:48:10.0132 0164 ============================================================

13:48:10.0714 0164 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:48:10.0831 0164 Initialize success

13:48:11.0641 6032 ============================================================

13:48:11.0641 6032 Scan started

13:48:11.0641 6032 Mode: Manual;

13:48:11.0641 6032 ============================================================

13:48:13.0151 6032 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

13:48:13.0155 6032 1394ohci - ok

13:48:13.0261 6032 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\windows\system32\DRIVERS\Accelerometer.sys

13:48:13.0279 6032 Accelerometer - ok

13:48:13.0405 6032 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

13:48:13.0411 6032 ACPI - ok

13:48:13.0548 6032 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

13:48:13.0550 6032 AcpiPmi - ok

13:48:13.0669 6032 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

13:48:13.0686 6032 adp94xx - ok

13:48:13.0807 6032 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

13:48:13.0820 6032 adpahci - ok

13:48:13.0874 6032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

13:48:13.0876 6032 adpu320 - ok

13:48:13.0932 6032 Afc - ok

13:48:14.0076 6032 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys

13:48:14.0081 6032 AFD - ok

13:48:14.0416 6032 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys

13:48:14.0444 6032 AgereSoftModem - ok

13:48:14.0599 6032 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

13:48:14.0600 6032 agp440 - ok

13:48:14.0697 6032 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

13:48:14.0698 6032 aliide - ok

13:48:14.0745 6032 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

13:48:14.0767 6032 amdide - ok

13:48:14.0865 6032 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

13:48:14.0867 6032 AmdK8 - ok

13:48:15.0458 6032 amdkmdag (650ddccd6657e20737433cb774521b81) C:\windows\system32\DRIVERS\atikmdag.sys

13:48:15.0668 6032 amdkmdag - ok

13:48:15.0894 6032 amdkmdap (f51b013c55b30dbe3ad59a7fe197c5ba) C:\windows\system32\DRIVERS\atikmpag.sys

13:48:15.0911 6032 amdkmdap - ok

13:48:16.0037 6032 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

13:48:16.0039 6032 AmdPPM - ok

13:48:16.0136 6032 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

13:48:16.0138 6032 amdsata - ok

13:48:16.0370 6032 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

13:48:16.0374 6032 amdsbs - ok

13:48:16.0395 6032 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

13:48:16.0408 6032 amdxata - ok

13:48:16.0500 6032 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

13:48:16.0511 6032 AppID - ok

13:48:16.0717 6032 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

13:48:16.0729 6032 arc - ok

13:48:16.0747 6032 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

13:48:16.0749 6032 arcsas - ok

13:48:16.0802 6032 ARCVCAM (ce2168c926927ba926301baf172bc693) C:\windows\system32\DRIVERS\ArcSoftVCapture.sys

13:48:16.0820 6032 ARCVCAM - ok

13:48:16.0866 6032 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

13:48:16.0867 6032 AsyncMac - ok

13:48:16.0959 6032 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

13:48:16.0960 6032 atapi - ok

13:48:17.0157 6032 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\windows\system32\drivers\AtiHdmi.sys

13:48:17.0169 6032 AtiHdmiService - ok

13:48:17.0341 6032 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

13:48:17.0360 6032 b06bdrv - ok

13:48:17.0660 6032 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

13:48:17.0665 6032 b57nd60a - ok

13:48:17.0783 6032 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

13:48:17.0784 6032 Beep - ok

13:48:17.0980 6032 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

13:48:17.0993 6032 blbdrive - ok

13:48:18.0093 6032 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

13:48:18.0095 6032 bowser - ok

13:48:18.0153 6032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

13:48:18.0175 6032 BrFiltLo - ok

13:48:18.0203 6032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

13:48:18.0216 6032 BrFiltUp - ok

13:48:18.0395 6032 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

13:48:18.0401 6032 Brserid - ok

13:48:18.0499 6032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

13:48:18.0500 6032 BrSerWdm - ok

13:48:18.0590 6032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

13:48:18.0591 6032 BrUsbMdm - ok

13:48:18.0618 6032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

13:48:18.0631 6032 BrUsbSer - ok

13:48:18.0907 6032 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys

13:48:18.0919 6032 BthEnum - ok

13:48:18.0965 6032 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

13:48:18.0966 6032 BTHMODEM - ok

13:48:19.0029 6032 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

13:48:19.0047 6032 BthPan - ok

13:48:19.0140 6032 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys

13:48:19.0149 6032 BTHPORT - ok

13:48:19.0323 6032 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys

13:48:19.0330 6032 BTHUSB - ok

13:48:19.0419 6032 BTMCOM (e588420b950dac5ac397f76660bce520) C:\windows\system32\Drivers\btmcom.sys

13:48:19.0421 6032 BTMCOM - ok

13:48:19.0661 6032 BTMUSB (4eef6b894e05fc245640dcee9190a053) C:\windows\system32\Drivers\btmusb.sys

13:48:19.0703 6032 BTMUSB - ok

13:48:19.0886 6032 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

13:48:19.0904 6032 cdfs - ok

13:48:20.0001 6032 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

13:48:20.0004 6032 cdrom - ok

13:48:20.0099 6032 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

13:48:20.0114 6032 circlass - ok

13:48:20.0291 6032 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

13:48:20.0310 6032 CLFS - ok

13:48:20.0534 6032 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

13:48:20.0552 6032 CmBatt - ok

13:48:20.0610 6032 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

13:48:20.0612 6032 cmdide - ok

13:48:20.0780 6032 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys

13:48:20.0787 6032 CNG - ok

13:48:20.0918 6032 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

13:48:20.0919 6032 Compbatt - ok

13:48:20.0967 6032 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

13:48:20.0981 6032 CompositeBus - ok

13:48:21.0095 6032 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

13:48:21.0110 6032 crcdisk - ok

13:48:21.0202 6032 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys

13:48:21.0209 6032 CSC - ok

13:48:21.0317 6032 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\windows\system32\DRIVERS\CVirtA64.sys

13:48:21.0329 6032 CVirtA - ok

13:48:21.0526 6032 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\windows\system32\Drivers\CVPNDRVA.sys

13:48:21.0531 6032 CVPNDRVA - ok

13:48:21.0591 6032 DAMDrv (a8ba4da23ac20bda23ca15234d42a3fa) C:\windows\system32\DRIVERS\DAMDrv64.sys

13:48:21.0592 6032 DAMDrv - ok

13:48:21.0773 6032 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

13:48:21.0789 6032 DfsC - ok

13:48:21.0985 6032 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

13:48:21.0997 6032 discache - ok

13:48:22.0081 6032 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

13:48:22.0096 6032 Disk - ok

13:48:22.0216 6032 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\windows\system32\DRIVERS\dne64x.sys

13:48:22.0219 6032 DNE - ok

13:48:22.0431 6032 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

13:48:22.0432 6032 drmkaud - ok

13:48:22.0571 6032 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

13:48:22.0592 6032 DXGKrnl - ok

13:48:22.0944 6032 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

13:48:22.0985 6032 ebdrv - ok

13:48:23.0180 6032 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

13:48:23.0186 6032 elxstor - ok

13:48:23.0239 6032 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

13:48:23.0249 6032 ErrDev - ok

13:48:23.0381 6032 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

13:48:23.0399 6032 exfat - ok

13:48:23.0591 6032 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

13:48:23.0595 6032 fastfat - ok

13:48:23.0676 6032 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

13:48:23.0677 6032 fdc - ok

13:48:23.0729 6032 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

13:48:23.0731 6032 FileInfo - ok

13:48:23.0794 6032 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

13:48:23.0796 6032 Filetrace - ok

13:48:23.0975 6032 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

13:48:23.0976 6032 flpydisk - ok

13:48:24.0067 6032 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

13:48:24.0072 6032 FltMgr - ok

13:48:24.0136 6032 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

13:48:24.0153 6032 FsDepends - ok

13:48:24.0181 6032 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

13:48:24.0182 6032 Fs_Rec - ok

13:48:24.0323 6032 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

13:48:24.0327 6032 fvevol - ok

13:48:24.0397 6032 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

13:48:24.0406 6032 gagp30kx - ok

13:48:24.0494 6032 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

13:48:24.0512 6032 GEARAspiWDM - ok

13:48:24.0553 6032 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

13:48:24.0554 6032 hcw85cir - ok

13:48:24.0763 6032 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

13:48:24.0769 6032 HdAudAddService - ok

13:48:24.0857 6032 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

13:48:24.0860 6032 HDAudBus - ok

13:48:24.0965 6032 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

13:48:24.0967 6032 HECIx64 - ok

13:48:25.0024 6032 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

13:48:25.0026 6032 HidBatt - ok

13:48:25.0155 6032 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

13:48:25.0167 6032 HidBth - ok

13:48:25.0192 6032 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

13:48:25.0193 6032 HidIr - ok

13:48:25.0295 6032 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

13:48:25.0297 6032 HidUsb - ok

13:48:25.0612 6032 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\windows\system32\DRIVERS\hpdskflt.sys

13:48:25.0627 6032 hpdskflt - ok

13:48:25.0717 6032 HpqKbFiltr (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys

13:48:25.0718 6032 HpqKbFiltr - ok

13:48:25.0827 6032 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

13:48:25.0830 6032 HpSAMD - ok

13:48:25.0928 6032 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

13:48:25.0947 6032 HTTP - ok

13:48:26.0142 6032 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

13:48:26.0143 6032 hwpolicy - ok

13:48:26.0192 6032 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

13:48:26.0205 6032 i8042prt - ok

13:48:26.0345 6032 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys

13:48:26.0351 6032 iaStor - ok

13:48:26.0617 6032 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

13:48:26.0623 6032 iaStorV - ok

13:48:26.0697 6032 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

13:48:26.0713 6032 iirsp - ok

13:48:26.0802 6032 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\windows\system32\DRIVERS\Impcd.sys

13:48:26.0820 6032 Impcd - ok

13:48:27.0034 6032 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

13:48:27.0036 6032 intelide - ok

13:48:27.0087 6032 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

13:48:27.0095 6032 intelppm - ok

13:48:27.0137 6032 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

13:48:27.0155 6032 IpFilterDriver - ok

13:48:27.0209 6032 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

13:48:27.0213 6032 IPMIDRV - ok

13:48:27.0370 6032 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

13:48:27.0387 6032 IPNAT - ok

13:48:27.0519 6032 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

13:48:27.0536 6032 IRENUM - ok

13:48:27.0606 6032 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

13:48:27.0608 6032 isapnp - ok

13:48:27.0632 6032 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

13:48:27.0637 6032 iScsiPrt - ok

13:48:27.0799 6032 jrdusbser (5678ec677028221ec5c815bcd07ab697) C:\windows\system32\DRIVERS\jrdusbser.sys

13:48:27.0802 6032 jrdusbser - ok

13:48:27.0837 6032 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

13:48:27.0850 6032 kbdclass - ok

13:48:27.0934 6032 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

13:48:27.0935 6032 kbdhid - ok

13:48:28.0007 6032 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys

13:48:28.0024 6032 KSecDD - ok

13:48:28.0238 6032 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys

13:48:28.0240 6032 KSecPkg - ok

13:48:28.0329 6032 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

13:48:28.0331 6032 ksthunk - ok

13:48:28.0414 6032 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

13:48:28.0425 6032 lltdio - ok

13:48:28.0659 6032 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

13:48:28.0661 6032 LSI_FC - ok

13:48:28.0709 6032 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

13:48:28.0725 6032 LSI_SAS - ok

13:48:28.0752 6032 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

13:48:28.0762 6032 LSI_SAS2 - ok

13:48:28.0853 6032 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

13:48:28.0861 6032 LSI_SCSI - ok

13:48:28.0964 6032 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

13:48:28.0976 6032 luafv - ok

13:48:29.0196 6032 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys

13:48:29.0209 6032 MBAMProtector - ok

13:48:29.0337 6032 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

13:48:29.0352 6032 megasas - ok

13:48:29.0499 6032 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

13:48:29.0504 6032 MegaSR - ok

13:48:29.0594 6032 mfeapfk (987b4e601d1b802481f8208dc31a3609) C:\windows\system32\drivers\mfeapfk.sys

13:48:29.0597 6032 mfeapfk - ok

13:48:29.0721 6032 mfeavfk (f9bbcfa30ee9d8329c2418e30a973070) C:\windows\system32\drivers\mfeavfk.sys

13:48:29.0742 6032 mfeavfk - ok

13:48:29.0800 6032 mfehidk (658158edc55e913d09acf42d4b84b1fc) C:\windows\system32\drivers\mfehidk.sys

13:48:29.0806 6032 mfehidk - ok

13:48:29.0920 6032 mferkdet (8113e310275ce13f9a935c6db4f5b2a3) C:\windows\system32\drivers\mferkdet.sys

13:48:29.0931 6032 mferkdet - ok

13:48:30.0063 6032 mfewfpk (62a29b0fde4f747c7ac76bbd37a9f886) C:\windows\system32\drivers\mfewfpk.sys

13:48:30.0081 6032 mfewfpk - ok

13:48:30.0221 6032 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

13:48:30.0237 6032 Modem - ok

13:48:30.0330 6032 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

13:48:30.0348 6032 monitor - ok

13:48:30.0426 6032 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys

13:48:30.0443 6032 mouclass - ok

13:48:30.0525 6032 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

13:48:30.0527 6032 mouhid - ok

13:48:30.0627 6032 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

13:48:30.0629 6032 mountmgr - ok

13:48:30.0748 6032 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\windows\system32\Drivers\Mpfp.sys

13:48:30.0752 6032 MPFP - ok

13:48:30.0834 6032 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

13:48:30.0837 6032 mpio - ok

13:48:30.0889 6032 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

13:48:30.0891 6032 mpsdrv - ok

13:48:31.0024 6032 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

13:48:31.0042 6032 MRxDAV - ok

13:48:31.0185 6032 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

13:48:31.0188 6032 mrxsmb - ok

13:48:31.0302 6032 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

13:48:31.0307 6032 mrxsmb10 - ok

13:48:31.0351 6032 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

13:48:31.0368 6032 mrxsmb20 - ok

13:48:31.0404 6032 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

13:48:31.0416 6032 msahci - ok

13:48:31.0492 6032 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

13:48:31.0494 6032 msdsm - ok

13:48:31.0608 6032 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

13:48:31.0623 6032 Msfs - ok

13:48:31.0731 6032 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

13:48:31.0733 6032 mshidkmdf - ok

13:48:31.0800 6032 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

13:48:31.0801 6032 msisadrv - ok

13:48:31.0914 6032 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

13:48:31.0916 6032 MSKSSRV - ok

13:48:31.0977 6032 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

13:48:31.0988 6032 MSPCLOCK - ok

13:48:32.0078 6032 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

13:48:32.0091 6032 MSPQM - ok

13:48:32.0252 6032 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

13:48:32.0259 6032 MsRPC - ok

13:48:32.0340 6032 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

13:48:32.0341 6032 mssmbios - ok

13:48:32.0420 6032 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

13:48:32.0437 6032 MSTEE - ok

13:48:32.0545 6032 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

13:48:32.0547 6032 MTConfig - ok

13:48:32.0606 6032 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

13:48:32.0608 6032 Mup - ok

13:48:32.0688 6032 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

13:48:32.0693 6032 NativeWifiP - ok

13:48:32.0975 6032 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

13:48:32.0987 6032 NDIS - ok

13:48:33.0139 6032 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

13:48:33.0154 6032 NdisCap - ok

13:48:33.0211 6032 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

13:48:33.0229 6032 NdisTapi - ok

13:48:33.0352 6032 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

13:48:33.0363 6032 Ndisuio - ok

13:48:33.0423 6032 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

13:48:33.0426 6032 NdisWan - ok

13:48:33.0591 6032 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

13:48:33.0594 6032 NDProxy - ok

13:48:33.0669 6032 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

13:48:33.0670 6032 NetBIOS - ok

13:48:33.0813 6032 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

13:48:33.0816 6032 NetBT - ok

13:48:34.0012 6032 netr28x (b964d4c524a80aba22db16fc1eded0a9) C:\windows\system32\DRIVERS\netr28x.sys

13:48:34.0030 6032 netr28x - ok

13:48:34.0131 6032 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

13:48:34.0145 6032 nfrd960 - ok

13:48:34.0219 6032 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

13:48:34.0221 6032 Npfs - ok

13:48:34.0247 6032 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

13:48:34.0248 6032 nsiproxy - ok

13:48:34.0427 6032 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

13:48:34.0444 6032 Ntfs - ok

13:48:34.0598 6032 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

13:48:34.0614 6032 Null - ok

13:48:34.0721 6032 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

13:48:34.0725 6032 nvraid - ok

13:48:34.0764 6032 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

13:48:34.0766 6032 nvstor - ok

13:48:34.0822 6032 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

13:48:34.0832 6032 nv_agp - ok

13:48:34.0972 6032 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

13:48:34.0986 6032 ohci1394 - ok

13:48:35.0220 6032 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

13:48:35.0229 6032 Parport - ok

13:48:35.0325 6032 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

13:48:35.0344 6032 partmgr - ok

13:48:35.0402 6032 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

13:48:35.0404 6032 pci - ok

13:48:35.0455 6032 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

13:48:35.0473 6032 pciide - ok

13:48:35.0620 6032 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

13:48:35.0624 6032 pcmcia - ok

13:48:35.0737 6032 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

13:48:35.0751 6032 pcw - ok

13:48:35.0925 6032 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

13:48:35.0943 6032 PEAUTH - ok

13:48:36.0223 6032 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

13:48:36.0225 6032 PptpMiniport - ok

13:48:36.0254 6032 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

13:48:36.0272 6032 Processor - ok

13:48:36.0398 6032 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

13:48:36.0399 6032 Psched - ok

13:48:36.0648 6032 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys

13:48:36.0660 6032 PxHlpa64 - ok

13:48:36.0827 6032 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

13:48:36.0843 6032 ql2300 - ok

13:48:37.0060 6032 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

13:48:37.0062 6032 ql40xx - ok

13:48:37.0166 6032 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

13:48:37.0167 6032 QWAVEdrv - ok

13:48:37.0192 6032 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

13:48:37.0208 6032 RasAcd - ok

13:48:37.0290 6032 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

13:48:37.0292 6032 RasAgileVpn - ok

13:48:37.0455 6032 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

13:48:37.0472 6032 Rasl2tp - ok

13:48:37.0536 6032 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

13:48:37.0553 6032 RasPppoe - ok

13:48:37.0611 6032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

13:48:37.0625 6032 RasSstp - ok

13:48:37.0738 6032 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

13:48:37.0744 6032 rdbss - ok

13:48:37.0838 6032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

13:48:37.0839 6032 rdpbus - ok

13:48:37.0962 6032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

13:48:37.0964 6032 RDPCDD - ok

13:48:38.0021 6032 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys

13:48:38.0024 6032 RDPDR - ok

13:48:38.0059 6032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

13:48:38.0069 6032 RDPENCDD - ok

13:48:38.0154 6032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

13:48:38.0156 6032 RDPREFMP - ok

13:48:38.0382 6032 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

13:48:38.0399 6032 RDPWD - ok

13:48:38.0461 6032 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

13:48:38.0464 6032 rdyboost - ok

13:48:38.0572 6032 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

13:48:38.0575 6032 RFCOMM - ok

13:48:38.0756 6032 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

13:48:38.0757 6032 rspndr - ok

13:48:38.0912 6032 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\windows\system32\Drivers\RtsUStor.sys

13:48:38.0917 6032 RSUSBSTOR - ok

13:48:39.0014 6032 RsvLock (ecbab4cd65cbedbe26ec6838e4fb7c1c) C:\windows\system32\drivers\RsvLock.sys

13:48:39.0033 6032 RsvLock - ok

13:48:39.0231 6032 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\windows\system32\DRIVERS\Rt64win7.sys

13:48:39.0237 6032 RTL8167 - ok

13:48:39.0298 6032 s3cap (e60c0a09f997826c7627b244195ab581) C:\windows\system32\drivers\vms3cap.sys

13:48:39.0299 6032 s3cap - ok

13:48:39.0347 6032 SafeBoot (317a99735c3a26c5cd60ab59e5e7e4e2) C:\windows\system32\drivers\SafeBoot.sys

13:48:39.0347 6032 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 317a99735c3a26c5cd60ab59e5e7e4e2

13:48:39.0348 6032 SafeBoot ( LockedFile.Multi.Generic ) - warning

13:48:39.0348 6032 SafeBoot - detected LockedFile.Multi.Generic (1)

13:48:39.0419 6032 SbAlg (fd8714a36c4646de22ddc7e36f6d09ef) C:\windows\system32\drivers\SbAlg.sys

13:48:39.0436 6032 SbAlg - ok

13:48:39.0563 6032 SbFsLock (fcaa034231e58b0de64d0a7904015535) C:\windows\system32\drivers\SbFsLock.sys

13:48:39.0580 6032 SbFsLock - ok

13:48:39.0623 6032 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

13:48:39.0634 6032 sbp2port - ok

13:48:39.0702 6032 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

13:48:39.0720 6032 scfilter - ok

13:48:39.0786 6032 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys

13:48:39.0803 6032 sdbus - ok

13:48:40.0102 6032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

13:48:40.0120 6032 secdrv - ok

13:48:40.0177 6032 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

13:48:40.0179 6032 Serenum - ok

13:48:40.0233 6032 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

13:48:40.0234 6032 Serial - ok

13:48:40.0289 6032 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

13:48:40.0304 6032 sermouse - ok

13:48:40.0531 6032 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

13:48:40.0547 6032 sffdisk - ok

13:48:40.0585 6032 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

13:48:40.0597 6032 sffp_mmc - ok

13:48:40.0627 6032 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

13:48:40.0644 6032 sffp_sd - ok

13:48:40.0694 6032 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

13:48:40.0705 6032 sfloppy - ok

13:48:40.0846 6032 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

13:48:40.0860 6032 SiSRaid2 - ok

13:48:40.0886 6032 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

13:48:40.0898 6032 SiSRaid4 - ok

13:48:41.0022 6032 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

13:48:41.0024 6032 Smb - ok

13:48:41.0238 6032 SNP2UVC (6fc63b4b19fb809336034d5c5c4d2bc0) C:\windows\system32\DRIVERS\snp2uvc.sys

13:48:41.0274 6032 SNP2UVC - ok

13:48:41.0453 6032 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

13:48:41.0465 6032 spldr - ok

13:48:41.0556 6032 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

13:48:41.0561 6032 srv - ok

13:48:41.0698 6032 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

13:48:41.0711 6032 srv2 - ok

13:48:41.0896 6032 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

13:48:41.0899 6032 srvnet - ok

13:48:42.0037 6032 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

13:48:42.0056 6032 stexstor - ok

13:48:42.0248 6032 STHDA (96df19a03d37f8568141612d31f0d035) C:\windows\system32\DRIVERS\stwrt64.sys

13:48:42.0254 6032 STHDA - ok

13:48:42.0394 6032 storflt (7785dc213270d2fc066538daf94087e7) C:\windows\system32\drivers\vmstorfl.sys

13:48:42.0407 6032 storflt - ok

13:48:42.0452 6032 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\windows\system32\drivers\storvsc.sys

13:48:42.0453 6032 storvsc - ok

13:48:42.0504 6032 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

13:48:42.0508 6032 swenum - ok

13:48:42.0748 6032 SynTP (d268d2a0db2a2bbe963e688d0b039267) C:\windows\system32\DRIVERS\SynTP.sys

13:48:42.0763 6032 SynTP - ok

13:48:42.0980 6032 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

13:48:42.0990 6032 Tcpip - ok

13:48:43.0169 6032 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

13:48:43.0181 6032 TCPIP6 - ok

13:48:43.0287 6032 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

13:48:43.0305 6032 tcpipreg - ok

13:48:43.0380 6032 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

13:48:43.0381 6032 TDPIPE - ok

13:48:43.0448 6032 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

13:48:43.0469 6032 TDTCP - ok

13:48:43.0603 6032 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

13:48:43.0605 6032 tdx - ok

13:48:43.0673 6032 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

13:48:43.0688 6032 TermDD - ok

13:48:43.0769 6032 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys

13:48:43.0771 6032 TPM - ok

13:48:43.0866 6032 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

13:48:43.0874 6032 tssecsrv - ok

13:48:44.0006 6032 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

13:48:44.0008 6032 TsUsbFlt - ok

13:48:44.0140 6032 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

13:48:44.0143 6032 tunnel - ok

13:48:44.0213 6032 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

13:48:44.0223 6032 uagp35 - ok

13:48:44.0370 6032 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

13:48:44.0374 6032 udfs - ok

13:48:44.0513 6032 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

13:48:44.0532 6032 uliagpkx - ok

13:48:44.0660 6032 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

13:48:44.0662 6032 umbus - ok

13:48:44.0724 6032 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

13:48:44.0741 6032 UmPass - ok

13:48:44.0870 6032 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

13:48:44.0885 6032 usbccgp - ok

13:48:44.0987 6032 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

13:48:45.0009 6032 usbcir - ok

13:48:45.0111 6032 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

13:48:45.0130 6032 usbehci - ok

13:48:45.0264 6032 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

13:48:45.0268 6032 usbhub - ok

13:48:45.0428 6032 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

13:48:45.0430 6032 usbohci - ok

13:48:45.0531 6032 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

13:48:45.0532 6032 usbprint - ok

13:48:45.0568 6032 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

13:48:45.0583 6032 USBSTOR - ok

13:48:45.0682 6032 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

13:48:45.0693 6032 usbuhci - ok

13:48:45.0788 6032 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

13:48:45.0803 6032 usbvideo - ok

13:48:45.0992 6032 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

13:48:45.0994 6032 vdrvroot - ok

13:48:46.0098 6032 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

13:48:46.0114 6032 vga - ok

13:48:46.0218 6032 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

13:48:46.0233 6032 VgaSave - ok

13:48:46.0281 6032 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

13:48:46.0284 6032 vhdmp - ok

13:48:46.0375 6032 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

13:48:46.0390 6032 viaide - ok

13:48:46.0501 6032 vmbus (86ea3e79ae350fea5331a1303054005f) C:\windows\system32\drivers\vmbus.sys

13:48:46.0504 6032 vmbus - ok

13:48:46.0542 6032 VMBusHID (7de90b48f210d29649380545db45a187) C:\windows\system32\drivers\VMBusHID.sys

13:48:46.0543 6032 VMBusHID - ok

13:48:46.0689 6032 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

13:48:46.0701 6032 volmgr - ok

13:48:46.0752 6032 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

13:48:46.0756 6032 volmgrx - ok

13:48:46.0846 6032 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

13:48:46.0850 6032 volsnap - ok

13:48:47.0032 6032 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\windows\system32\DRIVERS\vpchbus.sys

13:48:47.0049 6032 vpcbus - ok

13:48:47.0109 6032 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\windows\system32\DRIVERS\vpcnfltr.sys

13:48:47.0122 6032 vpcnfltr - ok

13:48:47.0189 6032 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\windows\system32\DRIVERS\vpcusb.sys

13:48:47.0206 6032 vpcusb - ok

13:48:47.0279 6032 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\windows\system32\drivers\vpcvmm.sys

13:48:47.0283 6032 vpcvmm - ok

13:48:47.0481 6032 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

13:48:47.0483 6032 vsmraid - ok

13:48:47.0582 6032 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

13:48:47.0599 6032 vwifibus - ok

13:48:47.0637 6032 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

13:48:47.0644 6032 vwififlt - ok

13:48:47.0682 6032 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

13:48:47.0699 6032 WacomPen - ok

13:48:47.0910 6032 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

13:48:47.0925 6032 WANARP - ok

13:48:47.0932 6032 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

13:48:47.0933 6032 Wanarpv6 - ok

13:48:48.0067 6032 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

13:48:48.0082 6032 Wd - ok

13:48:48.0208 6032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

13:48:48.0227 6032 Wdf01000 - ok

13:48:48.0383 6032 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

13:48:48.0401 6032 WfpLwf - ok

13:48:48.0430 6032 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

13:48:48.0439 6032 WIMMount - ok

13:48:48.0606 6032 WinUSB (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys

13:48:48.0608 6032 WinUSB - ok

13:48:48.0743 6032 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

13:48:48.0758 6032 WmiAcpi - ok

13:48:48.0866 6032 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

13:48:48.0882 6032 ws2ifsl - ok

13:48:48.0948 6032 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

13:48:48.0950 6032 WudfPf - ok

13:48:49.0053 6032 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

13:48:49.0055 6032 WUDFRd - ok

13:48:49.0148 6032 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:48:49.0211 6032 \Device\Harddisk0\DR0 - ok

13:48:49.0227 6032 Boot (0x1200) (831740ab2d00ac8cf5f5174afeee72a1) \Device\Harddisk0\DR0\Partition0

13:48:49.0236 6032 \Device\Harddisk0\DR0\Partition0 - ok

13:48:49.0261 6032 Boot (0x1200) (0b1291bcdcd7ffc378f98ca6960778ab) \Device\Harddisk0\DR0\Partition1

13:48:49.0277 6032 \Device\Harddisk0\DR0\Partition1 - ok

13:48:49.0306 6032 Boot (0x1200) (78c09ba2571fa95b708cf99524c313dd) \Device\Harddisk0\DR0\Partition2

13:48:49.0328 6032 \Device\Harddisk0\DR0\Partition2 - ok

13:48:49.0350 6032 Boot (0x1200) (0e9bd0adcf80f15bb3ea82b139e1ba1f) \Device\Harddisk0\DR0\Partition3

13:48:49.0350 6032 \Device\Harddisk0\DR0\Partition3 - ok

13:48:49.0351 6032 ============================================================

13:48:49.0351 6032 Scan finished

13:48:49.0351 6032 ============================================================

13:48:49.0368 6896 Detected object count: 1

13:48:49.0368 6896 Actual detected object count: 1

13:48:51.0887 6896 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user

13:48:51.0887 6896 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

And malewarebytes always finds a backdoor.agent, which I then delete, but comes up again and again. This is the log from malewarebytes:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org

Datenbank Version: v2012.01.18.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

dario.meyer :: D [Administrator]

Schutz: Aktiviert

18.01.2012 17:00:53

mbam-log-2012-01-18 (17-00-53).txt

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 180368

Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\d.m\AppData\Local\163a72c1\X -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)

(Ende)

Thank you guys very much!

[MrCharlie]

Please download and run RogueKiller.

Choose 1 to scan the system

Post back the report.

MrC

[swiss85]

Dear MrCharlie

THanks a lot for supporting me. The Roguekiller report is the following:

RogueKiller V6.2.4 [01/12/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: d.m [Admin rights]

Mode: Scan -- Date : 01/20/2012 15:17:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[sUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Users\d.m\AppData\Local\163a72c1\X) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\d.m\AppData\Local\163a72c1\X) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] d724c655336373d708236357b75ed7d7

[bSP] 8eb83cb5c8f64861f3c45ddf97a2defc : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 314 Mo

1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 616448 | Size: 301503 Mo

2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 589490176 | Size: 16106 Mo

3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 620947456 | Size: 2142 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

[swiss85]

Here are the logs!

Thank you!!!

OTL

OTL logfile created on: 1/21/2012 1:27:43 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\d.m\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 55.59% Memory free

7.72 Gb Paging File | 4.59 Gb Available in Paging File | 59.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 280.80 Gb Total Space | 205.81 Gb Free Space | 73.30% Space Free | Partition Type: NTFS

Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.65% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: DARIOMEYER-HP | User Name: dario.meyer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 13:25:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dario.meyer\Desktop\OTL.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2011/12/05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\dario.meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2011/12/05 10:02:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2011/05/11 16:44:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe

PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

PRC - [2010/08/27 16:04:32 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe

PRC - [2010/07/16 14:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

PRC - [2010/05/10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe

PRC - [2010/04/10 00:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe

PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2010/02/17 21:07:38 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe

PRC - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe

PRC - [2009/12/16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

PRC - [2009/12/16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe

PRC - [2009/12/12 01:57:38 | 011,265,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

PRC - [2009/12/12 01:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

PRC - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\system\uArcCapture.exe

PRC - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/10/23 19:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2009/08/07 17:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

PRC - [2009/05/08 23:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/11 09:14:47 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll

MOD - [2011/12/05 10:02:35 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/11/27 08:20:53 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/10/15 09:40:05 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll

MOD - [2011/10/15 09:40:04 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll

MOD - [2011/10/15 09:34:43 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll

MOD - [2011/10/15 09:34:29 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll

MOD - [2011/10/15 09:34:21 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll

MOD - [2011/10/15 09:34:09 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/10/15 09:34:04 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/10/15 09:34:03 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll

MOD - [2011/10/15 09:34:02 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll

MOD - [2011/10/15 09:33:53 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011/10/15 09:33:49 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/10/15 09:33:46 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/10/15 09:33:46 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/10/15 09:33:41 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/09/14 13:55:58 | 000,036,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2011/05/11 16:44:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe

MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/09/03 23:12:28 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll

MOD - [2010/02/11 21:47:04 | 000,636,176 | ---- | M] () -- C:\Windows\SysWOW64\SUPSDK.dll

MOD - [2009/11/17 22:39:36 | 000,329,272 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll

MOD - [2009/09/29 23:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2009/09/29 23:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2009/09/29 23:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2009/09/29 23:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2009/09/29 23:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2009/09/29 23:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2009/09/29 23:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2009/09/29 23:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MOD - [2009/06/17 19:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2009/06/17 19:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2009/06/17 19:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/16 18:49:55 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)

SRV:64bit: - [2011/08/16 18:49:54 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2010/09/21 12:10:11 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2010/08/05 00:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/07/16 14:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)

SRV:64bit: - [2010/06/29 19:52:12 | 004,181,256 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)

SRV:64bit: - [2010/06/19 00:25:12 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)

SRV:64bit: - [2010/05/20 21:28:14 | 000,677,128 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV:64bit: - [2010/05/20 21:28:12 | 001,096,968 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)

SRV:64bit: - [2010/05/10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)

SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/02/08 19:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2010/02/04 19:48:28 | 000,199,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)

SRV:64bit: - [2009/12/16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)

SRV:64bit: - [2009/12/16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)

SRV:64bit: - [2009/12/14 19:15:58 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2010/09/21 12:10:10 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/08/27 16:04:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)

SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010/03/18 19:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)

SRV - [2009/12/14 18:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2009/12/12 01:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)

SRV - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\system\uArcCapture.exe -- (uArcCapture)

SRV - [2009/11/17 22:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)

SRV - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/10/23 19:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2009/08/07 17:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/08 23:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/08/16 18:49:55 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/04 10:12:54 | 000,120,832 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)

DRV:64bit: - [2010/11/20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/08/05 00:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/08/04 23:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/06/29 18:12:26 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)

DRV:64bit: - [2010/06/29 17:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2010/06/04 04:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/05/06 01:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/04/10 00:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)

DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2010/02/10 12:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/08 19:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2010/01/12 23:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/12/19 00:13:30 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV:64bit: - [2009/12/16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)

DRV:64bit: - [2009/12/16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)

DRV:64bit: - [2009/12/16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)

DRV:64bit: - [2009/12/04 11:48:18 | 000,032,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)

DRV:64bit: - [2009/11/11 10:11:00 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/10/21 21:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)

DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/09 22:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)

DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV - [2009/12/16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)

DRV - [2009/12/16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2009/12/16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)

DRV - [2009/12/16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4191

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/03 23:32:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/16 17:25:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/01/05 16:13:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/05 10:02:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 08:17:07 | 000,000,000 | ---D | M]

[2010/11/03 10:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dario.meyer\AppData\Roaming\mozilla\Extensions

[2012/01/18 10:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dario.meyer\AppData\Roaming\mozilla\Firefox\Profiles\s8fp12o8.default\extensions

[2011/07/07 14:57:11 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\dario.meyer\AppData\Roaming\mozilla\Firefox\Profiles\s8fp12o8.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}

[2011/05/17 15:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010/12/06 18:09:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/06 10:30:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\DARIO.MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S8FP12O8.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI

[2011/12/05 10:02:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/06/30 10:19:14 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

[2010/01/01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010/01/01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/01/01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100903155320.dll (McAfee, Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100903155320.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)

O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe (McAfee, Inc.)

O4 - HKLM..\Run: [ModemListener] C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe ()

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2111709070-2558796462-642746938-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\dario.meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\dario.meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF76AF9F-3235-445A-A1E3-5B6379EB1301}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\myrm - No CLSID value found

O18:64bit: - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKU\S-1-5-21-2111709070-2558796462-642746938-1002 Winlogon: Shell - (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -C:\Users\dario.meyer\AppData\Local\163a72c1\X ()

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 13:25:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dario.meyer\Desktop\OTL.exe

[2012/01/20 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\dario.meyer\Desktop\RK_Quarantine

[2012/01/18 13:31:13 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dario.meyer\Desktop\TDSSKiller.exe

[2012/01/18 13:07:55 | 000,000,000 | ---D | C] -- C:\Users\dario.meyer\AppData\Roaming\Malwarebytes

[2012/01/18 13:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/18 13:07:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/01/18 13:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/01/18 13:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/18 13:07:11 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dario.meyer\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/17 22:55:40 | 000,000,000 | -HSD | C] -- C:\Users\dario.meyer\AppData\Local\163a72c1

[2012/01/14 11:14:53 | 000,120,832 | ---- | C] (TCT International Mobile Ltd) -- C:\windows\SysNative\drivers\jrdusbser.sys

[2012/01/14 11:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunrise T@KE AWAY

[2012/01/14 11:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunrise T@KE AWAY

[2012/01/14 11:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DeviceHelper

[2012/01/05 16:13:41 | 000,000,000 | ---D | C] -- C:\Users\dario.meyer\AppData\Local\Programs

[2012/01/05 16:13:27 | 000,000,000 | ---D | C] -- C:\windows\DPDrv

[2010/09/21 12:15:37 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/21 13:30:24 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 13:30:24 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 13:25:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dario.meyer\Desktop\OTL.exe

[2012/01/21 13:23:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/01/20 15:16:30 | 000,787,456 | ---- | M] () -- C:\Users\dario.meyer\Desktop\RogueKiller.exe

[2012/01/19 15:11:52 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/01/19 15:11:52 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012/01/19 15:11:52 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/01/19 15:11:52 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012/01/19 15:11:52 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/01/19 09:09:22 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/19 00:11:28 | 000,017,113 | ---- | M] () -- C:\windows\SysNative\Config.MPF

[2012/01/18 13:30:21 | 000,334,359 | ---- | M] () -- C:\Users\dario.meyer\Desktop\FSS.exe

[2012/01/18 13:07:22 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dario.meyer\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/18 09:27:00 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dario.meyer\Desktop\TDSSKiller.exe

[2012/01/17 23:00:38 | 000,000,356 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFordario.meyer.job

[2012/01/14 18:45:37 | 001,612,461 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[18].pdf

[2012/01/14 11:14:52 | 000,001,100 | ---- | M] () -- C:\Users\dario.meyer\Desktop\Sunrise T@KE AWAY.lnk

[2012/01/07 14:54:56 | 000,085,894 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[17].pdf

[2012/01/07 14:54:49 | 000,366,094 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[16].pdf

[2012/01/07 14:54:45 | 000,366,094 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[15].pdf

[2012/01/07 14:54:38 | 000,229,030 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[14].pdf

[2012/01/07 14:38:41 | 000,088,491 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[13].pdf

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/20 15:16:27 | 000,787,456 | ---- | C] () -- C:\Users\dario.meyer\Desktop\RogueKiller.exe

[2012/01/18 13:30:17 | 000,334,359 | ---- | C] () -- C:\Users\dario.meyer\Desktop\FSS.exe

[2012/01/14 18:36:15 | 001,612,461 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[18].pdf

[2012/01/14 11:14:52 | 000,001,100 | ---- | C] () -- C:\Users\dario.meyer\Desktop\Sunrise T@KE AWAY.lnk

[2012/01/07 14:54:55 | 000,085,894 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[17].pdf

[2012/01/07 14:54:47 | 000,366,094 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[16].pdf

[2012/01/07 14:54:43 | 000,366,094 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[15].pdf

[2012/01/07 14:54:36 | 000,229,030 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[14].pdf

[2012/01/07 14:38:40 | 000,088,491 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[13].pdf

[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign

[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign

[2011/03/22 18:59:28 | 000,001,854 | ---- | C] () -- C:\Users\dario.meyer\AppData\Roaming\GhostObjGAFix.xml

[2010/12/12 15:01:17 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E13A9C0EC2.sys

[2010/12/12 15:01:11 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010/11/03 12:08:56 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI

[2010/11/03 12:08:56 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT

[2010/11/01 14:17:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/21 12:19:16 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat

[2010/09/21 12:15:37 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe

[2010/09/21 12:15:37 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini

[2010/09/21 12:07:38 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2010/09/03 23:58:24 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbg.sys

[2010/09/03 23:52:41 | 000,000,186 | ---- | C] () -- C:\windows\SysWow64\HP Documentation.ini

[2010/09/03 23:31:25 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini

[2010/09/03 23:23:13 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini

[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign

[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign

[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign

[2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign

[2010/06/02 13:28:14 | 000,002,189 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2010/02/11 21:47:04 | 000,636,176 | ---- | C] () -- C:\windows\SysWow64\SUPSDK.dll

[2010/02/11 21:46:52 | 000,050,448 | ---- | C] () -- C:\windows\SysWow64\ExpSnapShotAPI.dll

[2010/01/20 22:56:24 | 007,488,032 | ---- | C] () -- C:\windows\SysWow64\CogentData1.dat

[2010/01/20 22:56:22 | 000,002,432 | ---- | C] () -- C:\windows\SysWow64\CogentData2.dat

[2009/12/14 22:26:00 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign

[2009/11/17 22:39:36 | 000,329,272 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll

[2009/09/29 23:25:16 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL

[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT

[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat

[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/04 17:34:51 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Babylon

[2011/09/28 15:31:59 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2010/11/01 13:00:05 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\DigitalPersona

[2012/01/20 15:16:12 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Dropbox

[2011/09/05 12:55:25 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoft

[2011/06/20 18:29:04 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/12/13 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\ifolor

[2011/12/04 17:35:34 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\PDF reDirect

[2010/11/06 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Scientific Software

[2012/01/18 15:34:34 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Spotify

[2011/12/20 10:02:59 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

[swiss85]

And here the extras report:

Extras:

OTL logfile created on: 1/21/2012 1:27:43 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\d.m\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 55.59% Memory free

7.72 Gb Paging File | 4.59 Gb Available in Paging File | 59.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 280.80 Gb Total Space | 205.81 Gb Free Space | 73.30% Space Free | Partition Type: NTFS

Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.65% Space Free | Partition Type: FAT32

Unable to calculate disk information.

Computer Name: DARIOMEYER-HP | User Name: dario.meyer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 13:25:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dario.meyer\Desktop\OTL.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2011/12/05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\dario.meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2011/12/05 10:02:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2011/05/11 16:44:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe

PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe

PRC - [2010/08/27 16:04:32 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe

PRC - [2010/07/16 14:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

PRC - [2010/05/10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe

PRC - [2010/04/10 00:54:38 | 001,441,544 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe

PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe

PRC - [2010/02/17 21:07:38 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe

PRC - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe

PRC - [2009/12/16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

PRC - [2009/12/16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe

PRC - [2009/12/12 01:57:38 | 011,265,536 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

PRC - [2009/12/12 01:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

PRC - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\system\uArcCapture.exe

PRC - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/10/23 19:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2009/08/07 17:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

PRC - [2009/05/08 23:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/11 09:14:47 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll

MOD - [2011/12/05 10:02:35 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/11/27 08:20:53 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/10/15 09:40:05 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll

MOD - [2011/10/15 09:40:04 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll

MOD - [2011/10/15 09:34:43 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll

MOD - [2011/10/15 09:34:29 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll

MOD - [2011/10/15 09:34:21 | 014,339,072 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll

MOD - [2011/10/15 09:34:09 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/10/15 09:34:04 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/10/15 09:34:03 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll

MOD - [2011/10/15 09:34:02 | 012,234,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll

MOD - [2011/10/15 09:33:53 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011/10/15 09:33:49 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/10/15 09:33:46 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/10/15 09:33:46 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/10/15 09:33:41 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/09/14 13:55:58 | 000,036,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2011/05/11 16:44:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe

MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/09/03 23:12:28 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll

MOD - [2010/02/11 21:47:04 | 000,636,176 | ---- | M] () -- C:\Windows\SysWOW64\SUPSDK.dll

MOD - [2009/11/17 22:39:36 | 000,329,272 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll

MOD - [2009/09/29 23:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2009/09/29 23:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2009/09/29 23:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2009/09/29 23:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2009/09/29 23:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2009/09/29 23:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2009/09/29 23:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2009/09/29 23:25:18 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MOD - [2009/06/17 19:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2009/06/17 19:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2009/06/17 19:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/16 18:49:55 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)

SRV:64bit: - [2011/08/16 18:49:54 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2010/09/21 12:10:11 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2010/08/05 00:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/07/16 14:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)

SRV:64bit: - [2010/06/29 19:52:12 | 004,181,256 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)

SRV:64bit: - [2010/06/19 00:25:12 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)

SRV:64bit: - [2010/05/20 21:28:14 | 000,677,128 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV:64bit: - [2010/05/20 21:28:12 | 001,096,968 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)

SRV:64bit: - [2010/05/10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)

SRV:64bit: - [2010/04/05 19:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/02/08 19:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2010/02/04 19:48:28 | 000,199,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)

SRV:64bit: - [2009/12/16 01:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)

SRV:64bit: - [2009/12/16 01:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)

SRV:64bit: - [2009/12/14 19:15:58 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/09/01 01:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)

SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/10/19 12:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2010/09/21 12:10:10 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/08/27 16:04:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)

SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010/03/18 19:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/01 18:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)

SRV - [2010/02/17 21:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)

SRV - [2009/12/14 18:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)

SRV - [2009/12/12 01:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)

SRV - [2009/12/04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\system\uArcCapture.exe -- (uArcCapture)

SRV - [2009/11/17 22:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)

SRV - [2009/11/04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/11/04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/10/23 19:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2009/08/07 17:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/08 23:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/08/16 18:49:55 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/04 10:12:54 | 000,120,832 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)

DRV:64bit: - [2010/11/20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/08/05 00:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/08/04 23:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/06/29 18:12:26 | 003,232,768 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)

DRV:64bit: - [2010/06/29 17:01:38 | 000,931,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2010/06/04 04:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/05/06 01:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/04/10 00:53:04 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)

DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/02/16 20:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2010/02/10 12:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/08 19:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2010/02/08 19:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2010/01/12 23:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/12/19 00:13:30 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV:64bit: - [2009/12/16 01:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)

DRV:64bit: - [2009/12/16 01:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)

DRV:64bit: - [2009/12/16 01:12:18 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)

DRV:64bit: - [2009/12/04 11:48:18 | 000,032,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)

DRV:64bit: - [2009/11/11 10:11:00 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/10/21 21:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)

DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 19:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/09 22:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)

DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV - [2009/12/16 01:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)

DRV - [2009/12/16 01:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2009/12/16 01:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)

DRV - [2009/12/16 01:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2111709070-2558796462-642746938-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4191

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/03 23:32:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/16 17:25:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/01/05 16:13:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/05 10:02:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/05 08:17:07 | 000,000,000 | ---D | M]

[2010/11/03 10:24:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dario.meyer\AppData\Roaming\mozilla\Extensions

[2012/01/18 10:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dario.meyer\AppData\Roaming\mozilla\Firefox\Profiles\s8fp12o8.default\extensions

[2011/07/07 14:57:11 | 000,000,000 | ---D | M] ("BabelFish") -- C:\Users\dario.meyer\AppData\Roaming\mozilla\Firefox\Profiles\s8fp12o8.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}

[2011/05/17 15:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010/12/06 18:09:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/06 10:30:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\DARIO.MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S8FP12O8.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI

[2011/12/05 10:02:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/06/30 10:19:14 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

[2010/01/01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010/01/01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010/01/01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100903155320.dll (McAfee, Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100903155320.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)

O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe (McAfee, Inc.)

O4 - HKLM..\Run: [ModemListener] C:\Program Files (x86)\Sunrise T@KE AWAY\ModemListener.exe ()

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2111709070-2558796462-642746938-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\dario.meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\dario.meyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF76AF9F-3235-445A-A1E3-5B6379EB1301}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\myrm - No CLSID value found

O18:64bit: - Protocol\Handler\sacore - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKU\S-1-5-21-2111709070-2558796462-642746938-1002 Winlogon: Shell - (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -C:\Users\dario.meyer\AppData\Local\163a72c1\X ()

O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 13:25:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dario.meyer\Desktop\OTL.exe

[2012/01/20 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\dario.meyer\Desktop\RK_Quarantine

[2012/01/18 13:31:13 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\dario.meyer\Desktop\TDSSKiller.exe

[2012/01/18 13:07:55 | 000,000,000 | ---D | C] -- C:\Users\dario.meyer\AppData\Roaming\Malwarebytes

[2012/01/18 13:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/18 13:07:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/01/18 13:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/01/18 13:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/18 13:07:11 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dario.meyer\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/17 22:55:40 | 000,000,000 | -HSD | C] -- C:\Users\dario.meyer\AppData\Local\163a72c1

[2012/01/14 11:14:53 | 000,120,832 | ---- | C] (TCT International Mobile Ltd) -- C:\windows\SysNative\drivers\jrdusbser.sys

[2012/01/14 11:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunrise T@KE AWAY

[2012/01/14 11:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunrise T@KE AWAY

[2012/01/14 11:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DeviceHelper

[2012/01/05 16:13:41 | 000,000,000 | ---D | C] -- C:\Users\dario.meyer\AppData\Local\Programs

[2012/01/05 16:13:27 | 000,000,000 | ---D | C] -- C:\windows\DPDrv

[2010/09/21 12:15:37 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/21 13:30:24 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 13:30:24 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 13:25:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dario.meyer\Desktop\OTL.exe

[2012/01/21 13:23:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/01/20 15:16:30 | 000,787,456 | ---- | M] () -- C:\Users\dario.meyer\Desktop\RogueKiller.exe

[2012/01/19 15:11:52 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/01/19 15:11:52 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012/01/19 15:11:52 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/01/19 15:11:52 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012/01/19 15:11:52 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/01/19 09:09:22 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/19 00:11:28 | 000,017,113 | ---- | M] () -- C:\windows\SysNative\Config.MPF

[2012/01/18 13:30:21 | 000,334,359 | ---- | M] () -- C:\Users\dario.meyer\Desktop\FSS.exe

[2012/01/18 13:07:22 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dario.meyer\Desktop\mbam-setup-1.60.0.1800.exe

[2012/01/18 09:27:00 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\dario.meyer\Desktop\TDSSKiller.exe

[2012/01/17 23:00:38 | 000,000,356 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFordario.meyer.job

[2012/01/14 18:45:37 | 001,612,461 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[18].pdf

[2012/01/14 11:14:52 | 000,001,100 | ---- | M] () -- C:\Users\dario.meyer\Desktop\Sunrise T@KE AWAY.lnk

[2012/01/07 14:54:56 | 000,085,894 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[17].pdf

[2012/01/07 14:54:49 | 000,366,094 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[16].pdf

[2012/01/07 14:54:45 | 000,366,094 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[15].pdf

[2012/01/07 14:54:38 | 000,229,030 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[14].pdf

[2012/01/07 14:38:41 | 000,088,491 | ---- | M] () -- C:\Users\dario.meyer\Documents\Untitled[13].pdf

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/20 15:16:27 | 000,787,456 | ---- | C] () -- C:\Users\dario.meyer\Desktop\RogueKiller.exe

[2012/01/18 13:30:17 | 000,334,359 | ---- | C] () -- C:\Users\dario.meyer\Desktop\FSS.exe

[2012/01/14 18:36:15 | 001,612,461 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[18].pdf

[2012/01/14 11:14:52 | 000,001,100 | ---- | C] () -- C:\Users\dario.meyer\Desktop\Sunrise T@KE AWAY.lnk

[2012/01/07 14:54:55 | 000,085,894 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[17].pdf

[2012/01/07 14:54:47 | 000,366,094 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[16].pdf

[2012/01/07 14:54:43 | 000,366,094 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[15].pdf

[2012/01/07 14:54:36 | 000,229,030 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[14].pdf

[2012/01/07 14:38:40 | 000,088,491 | ---- | C] () -- C:\Users\dario.meyer\Documents\Untitled[13].pdf

[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign

[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign

[2011/03/22 18:59:28 | 000,001,854 | ---- | C] () -- C:\Users\dario.meyer\AppData\Roaming\GhostObjGAFix.xml

[2010/12/12 15:01:17 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E13A9C0EC2.sys

[2010/12/12 15:01:11 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010/11/03 12:08:56 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI

[2010/11/03 12:08:56 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT

[2010/11/01 14:17:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/09/21 12:19:16 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat

[2010/09/21 12:15:37 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe

[2010/09/21 12:15:37 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini

[2010/09/21 12:07:38 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

[2010/09/03 23:58:24 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdecbg.sys

[2010/09/03 23:52:41 | 000,000,186 | ---- | C] () -- C:\windows\SysWow64\HP Documentation.ini

[2010/09/03 23:31:25 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini

[2010/09/03 23:23:13 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini

[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign

[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign

[2010/07/16 14:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign

[2010/07/15 16:01:46 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign

[2010/06/02 13:28:14 | 000,002,189 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

[2010/02/11 21:47:04 | 000,636,176 | ---- | C] () -- C:\windows\SysWow64\SUPSDK.dll

[2010/02/11 21:46:52 | 000,050,448 | ---- | C] () -- C:\windows\SysWow64\ExpSnapShotAPI.dll

[2010/01/20 22:56:24 | 007,488,032 | ---- | C] () -- C:\windows\SysWow64\CogentData1.dat

[2010/01/20 22:56:22 | 000,002,432 | ---- | C] () -- C:\windows\SysWow64\CogentData2.dat

[2009/12/14 22:26:00 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign

[2009/11/17 22:39:36 | 000,329,272 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll

[2009/09/29 23:25:16 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL

[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT

[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat

[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll

[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/04 17:34:51 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Babylon

[2011/09/28 15:31:59 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2010/11/01 13:00:05 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\DigitalPersona

[2012/01/20 15:16:12 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Dropbox

[2011/09/05 12:55:25 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoft

[2011/06/20 18:29:04 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\DVDVideoSoftIEHelpers

[2010/12/13 13:09:25 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\ifolor

[2011/12/04 17:35:34 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\PDF reDirect

[2010/11/06 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Scientific Software

[2012/01/18 15:34:34 | 000,000,000 | ---D | M] -- C:\Users\dario.meyer\AppData\Roaming\Spotify

[2011/12/20 10:02:59 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

[MrCharlie]

Run Roguekiller again and press 1 for scan

Then press 2 "delete"

Copy back the report.

These are what we want to delete:

¤¤¤ Registry Entries: 4 ¤¤¤

[sUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Users\d.m\AppData\Local\163a72c1\X) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\d.m\AppData\Local\163a72c1\X) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

---------------------------------

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF76AF9F-3235-445A-A1E3-5B6379EB1301}: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158 62.2.17.60

These seems to be OK, from SwitzerLand , Zurich

Just check them for me:

http://images.ip2loc...om/66307405.png

---------------------------------------------------------------------------------

Please do this:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  
  :OTL
  O4 - HKU\S-1-5-21-2111709070-2558796462-642746938-1002..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
  O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
  O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
  O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
  O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
  O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
  O20 - HKU\S-1-5-21-2111709070-2558796462-642746938-1002 Winlogon: Shell - (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -C:\Users\dario.meyer\AppData\Local\163a72c1\X ()
  [2012/01/17 22:55:40 | 000,000,000 | -HSD | C] -- C:\Users\dario.meyer\AppData\Local\163a72c1
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  
  :Commands
  [emptytemp]

  
  

• 
  
• Then click the Run Fix button at the top
  
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  
• Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  

MrC

[swiss85]

Awesome, thank you! this is the report after 2 "delete":

RogueKiller V6.2.4 [01/12/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: dario.meyer [Admin rights]

Mode: Remove -- Date : 01/21/2012 17:46:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 28 ¤¤¤

[sUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKCU\[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[sUSP PATH] HKUS\S-1-5-21-2111709070-2558796462-642746938-1002[...]\Winlogon : Shell (C:\Users\dario.meyer\AppData\Local\163a72c1\X) -> DELETED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] d724c655336373d708236357b75ed7d7

[bSP] 8eb83cb5c8f64861f3c45ddf97a2defc : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 314 Mo

1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 616448 | Size: 301503 Mo

2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 589490176 | Size: 16106 Mo

3 - [XXXXXX] FAT32 [VISIBLE] Offset (sectors): 620947456 | Size: 2142 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

The other two are ok, its from the company providing the connection.

And this is the OTL report:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2111709070-2558796462-642746938-1002\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry value HKEY_USERS\S-1-5-21-2111709070-2558796462-642746938-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\dario.meyer\AppData\Local\163a72c1\X deleted successfully.

File \Users\dario.meyer\AppData\Local\163a72c1\X) -C:\Users\dario.meyer\AppData\Local\163a72c1\X not found.

C:\Users\dario.meyer\AppData\Local\163a72c1\U folder moved successfully.

Folder move failed. C:\Users\dario.meyer\AppData\Local\163a72c1 scheduled to be moved on reboot.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: dario.meyer

->Temp folder emptied: 1508983879 bytes

->Temporary Internet Files folder emptied: 336221158 bytes

->Java cache emptied: 4808005 bytes

->FireFox cache emptied: 99336727 bytes

->Flash cache emptied: 58314 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1533399 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 944167801 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,761.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01212012_175223

Files\Folders moved on Reboot...

C:\Users\dario.meyer\AppData\Local\163a72c1 folder moved successfully.

C:\Users\dario.meyer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\dario.meyer\AppData\Local\Temp\~DF4A522D482B4E6B74.TMP not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Temp\~DF7F3ED9D87CB6A2EE.TMP not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{EB0B55C1-0A27-4065-998B-893F016363F2}.tmp not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{390260E9-4622-44B6-9278-B2DA6C18F81D}.tmp not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3C4DC421-D016-4778-98D1-37EDB18D7311}.tmp not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3EC0681F-1B2C-4049-ABBD-759BC2332AE9}.tmp not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{59DB4D8A-4252-4E0E-8041-5372A0D702E7}.tmp not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CF8FAA8E-172B-448C-9685-371428D55078}.tmp not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F28F6455-5C91-49C7-8E43-02E43D8D624B}.tmp not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6199BCA2.png not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6F5CE101.png not found!

File\Folder C:\Users\dario.meyer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7FD12500.png not found!

Registry entries deleted on Reboot...

[MrCharlie]

Please Update and run a Quick Scan with MBAM, post the report.

Please let me know how it is, MrC

[swiss85]

This is the report, it looks good I think?

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org

Datenbank Version: v2012.01.22.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

dario.meyer :: DM-HP [Administrator]

Schutz: Aktiviert

22.01.2012 09:19:14

mbam-log-2012-01-22 (09-19-14).txt

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 178123

Laufzeit: 1 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)

(Ende)

[MrCharlie]

Yes it's OK, is the computer OK now?? MrC

[swiss85]

Yes mediasshifting stopped opening up. Thank you very much for your help, awesome offering! Gonna donate via paypal.

Thanks!

[MrCharlie]

Great

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any questions...please post back.

Take a look at My Preventive Maintenance to avoid being infected again.

If I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Good Luck and Thanks for using the forum, MrC

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!